这就是所谓混合身份验证模式。基本上你不能一个的单的应用程序中，因为在IIS一旦您设置Windows身份验证的虚拟目录，将不再接受来自不同领域的用户实现这一目标。所以基本上你需要有使用窗体身份验证两个应用程序，先用Windows身份验证和第二个（主要应用）。第一个应用程序将包括这将仅仅通过发出身份验证票证域用户重定向到主应用程序的单一地址。

This is called mixed authentication mode. Basically you cannot achieve this within a single application because in IIS once you set up Windows authentication for a virtual directory it will no longer accept users from different domains. So basically you need to have two applications, the first with Windows Authentication and the second (the main application) using Forms authentication. The first application will consist of a single address which will simply redirect to the main application by issuing an authentication ticket for the domain user.